SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for stunnel-5.00-4.3.x86_64.rpm :
Wed May 27 14:00:00 2015 drahnAATTsuse.com
- stunnel-CVE-2015-3644.patch: Fix authentication bypass when using
\"redirect\" option (CVE-2015-3644, bsc#931517, backport from v5.17)

Thu Mar 6 13:00:00 2014 drahnAATTsuse.com
- update to final v5.00 code (FATE#315694)
- security fix: Added PRNG state update in fork threading (CVE-2014-0016).
- Patches:
- stunnel-listenqueue-option.patch refreshed.

Wed Feb 5 13:00:00 2014 drahnAATTsuse.com
- re-add stunnel.cnf openssl cert default config file (bnc#862294)

Fri Jan 31 13:00:00 2014 drahnAATTsuse.com
- update license information to correct SPDX format
- reintroduce stunnel3-binpath.patch
- set correct PATH within stunnel3 wrapper

Tue Jan 21 13:00:00 2014 drahnAATTsuse.com
- Update to version 5.0b1 (FATE#315694)
- Default \"pid\" is now \"\", i.e. not to create a pid file at startup.
- Default \"ciphers\" updated to \"HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2\" due to
AlFBPPS attack and bad performance of DH ciphersuites.
- New service-level option \"redirect\" to redirect SSL client connections on
authentication failures instead of rejecting them.
- New global \"engineDefault\" configuration file option to control which
OpenSSL tasks are delegated to the current engine.
- New service-level configuration file option \"engineId\" to select the engine
by identifier, e.g. \"engineId = capi\".
- Improved readability of error messages printed when stunnel refuses to start
due to a critical error.
- Patches:
- stunnel-CVE-2013-1762.patch obsoleted. Drpped.
- stunnel-default-fips-off.patch obsoleted. Dropped.
- stunnel-listenqueue-option.patch refreshed.

Tue Mar 5 13:00:00 2013 drahnAATTsuse.com
- stunnel-CVE-2013-1762.patch: Fix buffer overflow in NTLM authentication
(CVE-2013-1762, bnc#807440)

Thu Jan 3 13:00:00 2013 drahnAATTsuse.com
- update package to new version 4.54 (FATE#314256)
- New features:

* \"session\" option renamed to more readable \"sessionCacheTimeout\".
The old name remains accepted for backward compatibility.

* New service-level \"sessionCacheSize\" option to control session cache size.

* New service-level option \"reset\" to control whether TCP RST flag is used to
indicate errors. The default value is \"reset = yes\".

* New service-level option \"renegotiation\" to disable SSL renegotiation.

* Added client-mode \"sni\" option to directly control the value of TLS Server
Name Indication (RFC 3546) extension.

* Glibc-specific dynamic allocation tuning was applied to help unused memory
deallocation.

* Non-blocking OCSP implementation.

* New \"compression = deflate\" global option to enable RFC 2246 compresion.
- stunnel-init-openssl-fix.patch obsoleted. Dropped.
- stunnel-cipher-handling.patch obsoleted. Dropped.
- stunnel-listenqueue-option.patch rebased to new version.
- stunnel-default-fips-off.patch rebased to new version.

Wed Aug 22 14:00:00 2012 drahnAATTsuse.com
- stunnel-cipher-handling.patch: Fix stunnel cipher initialization.
Backport from upstream version 4.53 (bnc#776756)

Mon Aug 20 14:00:00 2012 drahnAATTsuse.com
- stunnel-init-openssl-fix.patch: Fix openSSL library initialization.
Backport from upstream version 4.53. (bnc#775262)
- stunnel-default-fips-off.patch: Default FIPS mode to off when built
against updated openSSL library. (bnc#775262)
- correct configure option to enable libwrap support

Thu May 12 14:00:00 2011 drahnAATTsuse.de
- update package to 4.36 (FATE#311400)
- obsoletes SOMAXCONN and libwrap disable patches (bnc#674554)
- forward port listenqueue patch (bnc#674554)

Mon Sep 21 14:00:00 2009 daniel.rahnAATTnovell.com
- checkin package for SLES11 SP1 (FATE#307180)
- package source as bz2
- strip off debug package
- update to 4.27:
Version 4.27, 2009.04.16, urgency: MEDIUM:

* New features
- Win32 DLLs for OpenSSL 0.9.8k.
- FIPS support was updated for openssl-fips 1.2.
- New priority failover strategy for multiple \"connect\" targets,
controlled with \"failover=rr\" (default) or \"failover=prio\".
- pgsql protocol negotiation by Marko Kreen .
- Building instructions were updated in INSTALL.W32 file.

* Bugfixes
- Libwrap helper processes fixed to close standard
input/output/error file descriptors.
- OS2 compilation fixes.
- WCE fixes by Pierre Delaage .


  
ICM